MRT Blocked by "System Administrator"
Solved
Pierrelcm
-
bazfile Posted messages 58430 Registration date Status Modérateur Last intervention -
bazfile Posted messages 58430 Registration date Status Modérateur Last intervention -
Hello,
Today I tried to "clean" my computer in order to remove as many viruses as possible. To do this, I wanted to use the Windows MRT software. However, I received an error message saying that the system administrator is blocking MRT.
This is a bit annoying since I am the only user of this computer.
Therefore, I browsed the forum and tried to find out more. One of the discussion topics suggested running a scan of my computer using the FRST software. I followed the instructions and I have 3 reports like these.
FRST: https://pjjoint.malekal.com/files.php?id=FRST_20201014_g8r9g5f8u14
Addition: https://pjjoint.malekal.com/files.php?id=20201014_c13k5b6d5c14
ShortCut: https://pjjoint.malekal.com/files.php?id=20201014_n6d9b9y9v14
Can you help me both to resolve my issue with the MRT software?
On the other hand, could you clarify the 3 reports above for me?
Thank you very much.
I am at your disposal for any questions.
Pierre
Today I tried to "clean" my computer in order to remove as many viruses as possible. To do this, I wanted to use the Windows MRT software. However, I received an error message saying that the system administrator is blocking MRT.
This is a bit annoying since I am the only user of this computer.
Therefore, I browsed the forum and tried to find out more. One of the discussion topics suggested running a scan of my computer using the FRST software. I followed the instructions and I have 3 reports like these.
FRST: https://pjjoint.malekal.com/files.php?id=FRST_20201014_g8r9g5f8u14
Addition: https://pjjoint.malekal.com/files.php?id=20201014_c13k5b6d5c14
ShortCut: https://pjjoint.malekal.com/files.php?id=20201014_n6d9b9y9v14
Can you help me both to resolve my issue with the MRT software?
On the other hand, could you clarify the 3 reports above for me?
Thank you very much.
I am at your disposal for any questions.
Pierre
3 réponses
Hello,
You had Avast, you uninstalled it, but there are remnants of Avast cleanup, and there is a group policy on MRT and Windows Defender.
To remove the remnants of Avast and the group policy on MRT and Windows Defender...
Procedure to follow in the order indicated:
1- Open FRST
2 - Copy the entire script in the box below:
3- Once you have copied the script, click on Fix.
Let the fix complete, once it's done, you will be asked to restart your PC, do it as soon as you're prompted, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop, send it via https://pjjoint.malekal.com/ and then put the link generated by Pjoint in your next message.
--
bazfile
Moderator/Security Contributor.
A hello, a reply, a thank you are always appreciated.
You had Avast, you uninstalled it, but there are remnants of Avast cleanup, and there is a group policy on MRT and Windows Defender.
To remove the remnants of Avast and the group policy on MRT and Windows Defender...
Procedure to follow in the order indicated:
1- Open FRST
2 - Copy the entire script in the box below:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\originuninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rtkngui64.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
GroupPolicy: Restriction ?
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
Task: {9558186A-19A9-40C2-A4D3-F3493DC5B847} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {FCF41A51-5765-46B3-A9D5-E0D05618F9EE} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKU\S-1-5-21-1116260424-2433544373-545332805-1001\...\Run: [AdobeBridge] => [X]
Task: {55CA1DD8-BE9E-426D-BA34-4B87B3063AD3} - \update-S-1-5-21-1116260424-2433544373-545332805-1001 -> No file <==== ATTENTION
Task: {A64BD2D3-2C16-453E-8A02-3D3FA119895A} - \update-sys -> No file <==== ATTENTION
FF Plugin HKU\S-1-5-21-1116260424-2433544373-545332805-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No file]
FF Plugin HKU\S-1-5-21-1116260424-2433544373-545332805-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No file]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
U3 dmwappushsvc; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
C:\ProgramData\AVAST Software
C:\Program Files\Common Files\AV\avast! Antivirus
C:\Program Files (x86)\AVAST Software
EmptyTemp:
End::
3- Once you have copied the script, click on Fix.
Let the fix complete, once it's done, you will be asked to restart your PC, do it as soon as you're prompted, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop, send it via https://pjjoint.malekal.com/ and then put the link generated by Pjoint in your next message.
5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
.--
bazfile
Moderator/Security Contributor.
A hello, a reply, a thank you are always appreciated.